Deploy controller node with nsx-t support

Change-Id: Iae2b2679b4f7bdbc1fe5b82aa2c0f2b46e032907
This commit is contained in:
Artem Savinov 2016-08-29 20:13:29 +03:00 committed by Igor Zinovik
parent 12f8f25427
commit 9728ea3bb4
23 changed files with 922 additions and 20 deletions

38
Puppetfile Normal file
View File

@ -0,0 +1,38 @@
#!/usr/bin/env ruby
#^syntax detection
# See https://github.com/bodepd/librarian-puppet-simple for additional docs
#
# Important information for fuel-library:
# With librarian-puppet-simple you *must* remove the existing folder from the
# repo prior to trying to run librarian-puppet as it will not remove the folder
# for you and you may run into some errors.
# Pull in puppetlabs-stdlib
mod 'stdlib',
:git => 'https://github.com/fuel-infra/puppetlabs-stdlib.git',
:ref => '4.9.0'
# Pull in puppetlabs-inifile
mod 'inifile',
:git => 'https://github.com/fuel-infra/puppetlabs-inifile.git',
:ref => '1.4.2'
# Pull in puppet-neutron
mod 'neutron',
:git => 'https://github.com/fuel-infra/puppet-neutron.git',
:ref => 'stable/mitaka'
## Pull in puppet-nova
#mod 'nova',
# :git => 'https://github.com/fuel-infra/puppet-nova.git',
# :ref => 'stable/mitaka'
#
# Pull in puppet-openstacklib
mod 'openstacklib',
:git => 'https://github.com/fuel-infra/puppet-openstacklib.git',
:ref => 'stable/mitaka'
## Pull in puppet-keystone
#mod 'keystone',
# :git => 'https://github.com/fuel-infra/puppet-keystone.git',
# :ref => 'stable/mitaka'

View File

@ -0,0 +1,20 @@
notice('fuel-plugin-nsx-t: configure-agents-dhcp.pp')
neutron_dhcp_agent_config {
'DEFAULT/ovs_integration_bridge': value => 'nsx-managed';
'DEFAULT/interface_driver': value => 'neutron.agent.linux.interface.OVSInterfaceDriver';
'DEFAULT/enable_metadata_network': value => true;
'DEFAULT/enable_isolated_metadata': value => true;
'DEFAULT/ovs_use_veth': value => true;
}
if 'primary-controller' in hiera('roles') {
exec { 'dhcp-agent-restart':
command => "crm resource restart $(crm status|awk '/dhcp/ {print \$3}')",
path => '/usr/bin:/usr/sbin:/bin:/sbin',
logoutput => true,
provider => 'shell',
tries => 3,
try_sleep => 10,
}
}

View File

@ -31,6 +31,32 @@ nsx_config {
'nsx_v3/default_edge_cluster_uuid': value => $edge_cluster;
}
file { '/etc/neutron/plugin.ini':
ensure => link,
target => $::nsxt::params::nsx_plugin_config,
replace => true,
require => File[$::nsxt::params::nsx_plugin_dir]
}
if !$settings['insecure'] {
nsx_config { 'nsx_v3/insecure': value => $settings['insecure']; }
$ca_filename = try_get_value($settings['ca_file'],'name','')
if !empty($ca_filename) {
$ca_certificate_content = $settings['ca_file']['content']
$ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
nsx_config { 'nsx_v3/ca_file': value => $ca_file; }
file { $ca_file:
ensure => present,
content => $ca_certificate_content,
require => File[$::nsxt::params::nsx_plugin_dir],
}
}
}
File[$::nsxt::params::nsx_plugin_dir]->
File[$::nsxt::params::nsx_plugin_config]->
Nsx_config<||>

View File

@ -1,3 +1,14 @@
notice('fuel-plugin-nsx-t: create-repo.pp')
class { '::nsxt::create_repo': }
include ::nsxt::params
$settings = hiera($::nsxt::params::hiera_key)
$managers = $settings['nsx_api_managers']
$username = $settings['nsx_api_user']
$password = $settings['nsx_api_password']
class { '::nsxt::create_repo':
managers => $managers,
username => $username,
password => $password,
}

View File

@ -0,0 +1,6 @@
notice('fuel-plugin-nsx-t: gem-install.pp')
# ruby gem package must be pre installed before puppet module used
package { ['ruby-json', 'ruby-rest-client']:
ensure => latest,
}

View File

@ -0,0 +1,7 @@
notice('fuel-plugin-nsx-t: hiera-override.pp')
include ::nsxt::params
class { '::nsxt::hiera_override':
override_file_name => $::nsxt::params::hiera_key,
}

View File

@ -0,0 +1,33 @@
notice('fuel-plugin-nsx-t: install-nsx-packages.pp')
$nsx_required_packages = ['libunwind8', 'zip', 'libgflags2', 'libgoogle-perftools4', 'traceroute',
'python-mako', 'python-simplejson', 'python-support', 'python-unittest2',
'python-yaml', 'python-netaddr', 'libprotobuf8',
'libboost-filesystem1.54.0', 'dkms', 'libboost-chrono-dev',
'libboost-iostreams1.54.0', 'libvirt0']
$nsx_packages = ['libgoogle-glog0', 'libjson-spirit', 'nicira-ovs-hypervisor-node', 'nsxa',
'nsx-agent', 'nsx-aggservice', 'nsx-cli', 'nsx-da', 'nsx-host',
'nsx-host-node-status-reporter', 'nsx-lldp', 'nsx-logical-exporter', 'nsx-mpa',
'nsx-netcpa', 'nsx-sfhc', 'nsx-transport-node-status-reporter',
'openvswitch-common', 'openvswitch-datapath-dkms', 'openvswitch-pki',
'openvswitch-switch', 'python-openvswitch', 'tcpdump-ovs']
package { $nsx_required_packages:
ensure => latest,
}
package { $nsx_packages:
ensure => latest,
require => [Package[$nsx_required_packages],Service['openvswitch-switch']]
}
service { 'openvswitch-switch':
ensure => stopped,
enable => false,
}
# This not shell(ubuntu dash) script, this bash script.
# if you leave it there all the command like '/bin/sh -c' cannot be executed
# example: start galera via pacemaker
file { '/etc/profile.d/nsx-alias.sh':
ensure => absent,
require => Package[$nsx_packages],
}

View File

@ -0,0 +1,69 @@
notice('fuel-plugin-nsx-t: neutron-server-start.pp')
include ::neutron::params
service { 'neutron-server-start':
ensure => 'running',
name => $::neutron::params::server_service,
enable => true,
hasstatus => true,
hasrestart => true,
}
include ::nsxt::params
neutron_config {
'DEFAULT/core_plugin': value => $::nsxt::params::core_plugin;
'DEFAULT/service_plugins': ensure => absent;
'service_providers/service_provider': ensure => absent;
}
Neutron_config<||> ~> Service['neutron-server']
if 'primary-controller' in hiera('roles') {
include ::neutron::db::sync
Exec['neutron-db-sync'] ~> Service['neutron-server-start']
Neutron_config<||> ~> Exec['neutron-db-sync']
$neutron_config = hiera_hash('neutron_config')
$management_vip = hiera('management_vip')
$service_endpoint = hiera('service_endpoint', $management_vip)
$ssl_hash = hiera_hash('use_ssl', {})
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint])
$identity_uri = "${internal_auth_protocol}://${internal_auth_address}:5000"
$auth_api_version = 'v2.0'
$auth_url = "${identity_uri}/${auth_api_version}"
$auth_password = $neutron_config['keystone']['admin_password']
$auth_user = pick($neutron_config['keystone']['admin_user'], 'neutron')
$auth_tenant = pick($neutron_config['keystone']['admin_tenant'], 'services')
$auth_region = hiera('region', 'RegionOne')
$auth_endpoint_type = 'internalURL'
exec { 'waiting-for-neutron-api':
environment => [
"OS_TENANT_NAME=${auth_tenant}",
"OS_USERNAME=${auth_user}",
"OS_PASSWORD=${auth_password}",
"OS_AUTH_URL=${auth_url}",
"OS_REGION_NAME=${auth_region}",
"OS_ENDPOINT_TYPE=${auth_endpoint_type}",
],
path => '/usr/sbin:/usr/bin:/sbin:/bin',
tries => '30',
try_sleep => '15',
command => 'neutron net-list --http-timeout=4 2>&1 > /dev/null',
provider => 'shell',
subscribe => Service['neutron-server'],
refreshonly => true,
}
}
# fix add plugin.ini conf for neutron server
exec { 'fix-plugin-ini':
path => '/usr/sbin:/usr/bin:/sbin:/bin',
command => 'sed -ri \'s|NEUTRON_PLUGIN_CONFIG=""|NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugin.ini"|\' /usr/share/neutron-common/plugin_guess_func',
provider => 'shell',
before => Service['neutron-server'],
}

View File

@ -0,0 +1,8 @@
notice('fuel-plugin-nsx-t: neutron-server-stop.pp')
include ::neutron::params
service { 'neutron-server-stop':
ensure => 'stopped',
name => $::neutron::params::server_service,
}

View File

@ -0,0 +1,34 @@
notice('fuel-plugin-nsx-t: reg-controller-as-transport-node.pp')
include ::nsxt::params
$settings = hiera($::nsxt::params::hiera_key)
$managers = $settings['nsx_api_managers']
$user = $settings['nsx_api_user']
$password = $settings['nsx_api_password']
$uplink_profile_uuid = $settings['uplink_profile_uuid']
$static_ip_pool_uuid = $settings['static_ip_pool_uuid']
$transport_zone_uuid = $settings['transport_zone_uuid']
$pnics_pairs = $settings['pnics_pairs']
nsxt_create_transport_node { 'Add transport node':
ensure => present,
managers => $managers,
username => $user,
password => $password,
uplink_profile_id => $uplink_profile_uuid,
pnics => $pnics_pairs,
static_ip_pool_id => $static_ip_pool_uuid,
transport_zone_id => $transport_zone_uuid,
}
if !$settings['insecure'] {
$ca_filename = try_get_value($settings['ca_file'],'name','')
if empty($ca_filename) {
# default path to ca for Ubuntu 14.0.4
$ca_file = "/etc/ssl/certs/ca-certificates.crt"
} else {
$ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
}
Nsxt_create_transport_node { ca_file => $ca_file }
}

View File

@ -0,0 +1,26 @@
notice('fuel-plugin-nsx-t: reg-controller-on-management-plane.pp')
include ::nsxt::params
$settings = hiera($::nsxt::params::hiera_key)
$managers = $settings['nsx_api_managers']
$user = $settings['nsx_api_user']
$password = $settings['nsx_api_password']
nsxt_add_to_fabric { 'Register controller node on management plane':
ensure => present,
managers => $managers,
username => $user,
password => $password,
}
if !$settings['insecure'] {
$ca_filename = try_get_value($settings['ca_file'],'name','')
if empty($ca_filename) {
# default path to ca for Ubuntu 14.0.4
$ca_file = "/etc/ssl/certs/ca-certificates.crt"
} else {
$ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
}
Nsxt_add_to_fabric { ca_file => $ca_file }
}

View File

@ -0,0 +1,13 @@
#!/bin/bash -e
repo_dir=$1
component_archive=$2
mkdir -p "$repo_dir"
cd "$repo_dir"
tar --wildcards --strip-components=1 -zxvf "$component_archive" "*/"
dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
echo 'Label: nsx-t-protected-packages' > Release
chmod 755 .
chmod 644 *
apt-get update
rm -fr "${component_archive:?}"

View File

@ -1 +0,0 @@
Label: nsx-t-protected-packages

View File

@ -0,0 +1,159 @@
require 'rest-client'
require 'json'
require 'openssl'
require 'open-uri'
module Puppet::Parser::Functions
newfunction(:get_nsxt_components, :type => :rvalue, :doc => <<-EOS
Returns the address of nsx-t manager, on which enable install-upgrade service
example:
get_nsxt_components('172.16.0.1,172.16.0.2,172.16.0.3', username, password)
EOS
) do |args|
managers = args[0]
username = args[1]
password = args[2]
managers.split(',').each do |manager|
# Suppression scheme, NSX-T 1.0 supports only https scheme
manager.to_s.strip =~ /(https?:\/\/)?(?<manager>.+)/
manager = Regexp.last_match[:manager]
service_enabled = check_service_enabled(manager, username, password)
if service_enabled == 'error'
next
elsif service_enabled == 'disabled'
service_enabled_on_manager = enable_upgrade_service(manager, username, password)
else
service_enabled_on_manager = service_enabled
end
if check_service_running(service_enabled_on_manager, username, password)
return get_component(service_enabled_on_manager, username, password)
else
service_enabled_on_manager = enable_upgrade_service(service_enabled_on_manager, username, password)
if check_service_running(service_enabled_on_manager, username, password)
return get_component(service_enabled_on_manager, username, password)
end
end
raise Puppet::Error,("\nCan not enable install-upgrade service on nsx-t manager\n")
end
end
end
def disable_upgrade_service(manager, username, password)
debug("Try disable install-upgrade service on #{manager}")
request = {'service_name' => 'install-upgrade', 'service_properties' => {'enabled' => false }}
api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
response = nsxt_api(api_url, username, password, 'put', request.to_json)
debug("response:\n #{response}")
if response['service_properties']['enabled'] == false
return
end
raise Puppet::Error,("\nCannot disable install-upgrade service on nsx-t manager #{manager}\n")
end
def get_component(manager, username, password)
file_path = '/tmp/nsxt-components.tgz'
component_url = get_component_url(manager, username, password)
begin
File.open(file_path, 'wb') do |saved_file|
open(component_url, 'rb') do |read_file|
saved_file.write(read_file.read)
end
end
rescue => error
raise Puppet::Error,("\nCan not get file from #{url}:\n#{error.message}\n")
end
disable_upgrade_service(manager, username, password)
return file_path
end
def get_component_url(manager, username, password)
node_version = get_node_version(manager, username, password)
begin
manifest = open("http://#{manager}:8080/repository/#{node_version}/metadata/manifest").read
rescue => error
raise Puppet::Error,("\nCan not get url for nsx-t components from #{url}:\n#{error.message}\n")
end
manifest.split(/\n/).each do |str|
if str.include? 'NSX_HOST_COMPONENT_UBUNTU_1404_TAR'
url = str.split('=')[1]
return "http://#{manager}:8080#{url}"
end
end
end
def get_node_version(manager, username, password)
debug("Try get nsx-t node version from #{manager}")
api_url = "https://#{manager}/api/v1/node"
response = nsxt_api(api_url, username, password, 'get')
debug("response:\n #{response}")
if not response.to_s.empty?
return response['node_version']
end
raise Puppet::Error,("\nCan not get node version from #{manager}\n")
end
def check_service_enabled(manager, username, password)
debug("Check install-upgrade service enabled on #{manager}")
api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
response = nsxt_api(api_url, username, password, 'get')
debug("response:\n #{response}")
if not response.to_s.empty?
if response['service_properties']['enabled'] == true
return response['service_properties']['enabled_on']
end
return 'disabled'
end
return 'error'
end
def check_service_running(manager, username, password)
debug("Check install-upgrade service running on #{manager}")
api_url = "https://#{manager}/api/v1/node/services/install-upgrade/status"
response = nsxt_api(api_url, username, password, 'get')
debug("response:\n #{response}")
if not response.to_s.empty?
if response['runtime_state'] == 'running'
return true
end
end
return false
end
def enable_upgrade_service(manager, username, password)
debug("Try enable install-upgrade service on #{manager}")
request = {'service_name' => 'install-upgrade', 'service_properties' => {'enabled' => true }}
api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
response = nsxt_api(api_url, username, password, 'put', request.to_json)
debug("response:\n #{response}")
if response['service_properties']['enabled'] == true
return response['service_properties']['enabled_on']
end
raise Puppet::Error,("\nCannot enable install-upgrade service on nsx-t manager #{manager}\n")
end
def nsxt_api(api_url, username, password, method, request='', timeout=5)
retry_count = 3
begin
if method == 'get'
response = RestClient::Request.execute(method: :get, url: api_url, timeout: timeout, user: username, password: password, verify_ssl: OpenSSL::SSL::VERIFY_NONE)
elsif method == 'put'
response = RestClient::Request.execute(method: :put, url: api_url, payload: request, timeout: timeout, user: username, password: password, verify_ssl: OpenSSL::SSL::VERIFY_NONE, headers: {'Content-Type' => 'application/json'})
end
response_hash = JSON.parse(response.body)
return response_hash
rescue Errno::ECONNREFUSED
notice("\nCan not get response from #{api_url} - 'Connection refused', try next if exist\n")
return ""
rescue Errno::EHOSTUNREACH
notice("\nCan not get response from #{api_url} - 'No route to host', try next if exist\n")
return ""
rescue => error
retry_count -= 1
if retry_count > 0
sleep 10
retry
else
raise Puppet::Error,("\nCan not get response from #{api_url} :\n#{error.message}\n#{JSON.parse(error.response)['error_message']}\n")
end
end
end

View File

@ -0,0 +1,24 @@
require 'yaml'
module Puppet::Parser::Functions
newfunction(:hiera_overrides, :doc => <<-EOS
Custom function to override hiera parameters, the first argument -
file name, where write new parameters in yaml format, ex:
hiera_overrides('/etc/hiera/test.yaml')
EOS
) do |args|
filename = args[0]
hiera_overrides = {}
# override neutron_advanced_configuration
neutron_advanced_configuration = {}
neutron_advanced_configuration['neutron_dvr'] = false
neutron_advanced_configuration['neutron_l2_pop'] = false
neutron_advanced_configuration['neutron_l3_ha'] = false
neutron_advanced_configuration['neutron_qos'] = false
hiera_overrides['neutron_advanced_configuration'] = neutron_advanced_configuration
# write to hiera override yaml file
File.open(filename, 'w') { |file| file.write(hiera_overrides.to_yaml) }
end
end

View File

@ -10,7 +10,7 @@ Puppet::Type.newtype(:nsxt_add_to_fabric) do
munge do |value|
array = []
value.split(',').each do |manager|
manager.to_s.strip =~ /(https:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
manager.to_s.strip =~ /(https?:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
host= Regexp.last_match[:host]
port = Regexp.last_match[:port]
port = 443 if port.to_s.empty?

View File

@ -10,7 +10,7 @@ Puppet::Type.newtype(:nsxt_create_transport_node) do
munge do |value|
array = []
value.split(',').each do |manager|
manager.to_s.strip =~ /(https:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
manager.to_s.strip =~ /(https?:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
host= Regexp.last_match[:host]
port = Regexp.last_match[:port]
port = 443 if port.to_s.empty?

View File

@ -1,14 +1,18 @@
class nsxt::create_repo (
$managers,
$username,
$password,
$repo_dir = '/opt/nsx-t-repo',
$repo_file = '/etc/apt/sources.list.d/nsx-t-local.list',
$repo_pref_file = '/etc/apt/preferences.d/nsx-t-local.pref',
) {
file { $repo_dir:
ensure => directory,
$component_archive = get_nsxt_components($managers, $username, $password)
file { '/tmp/create_repo.sh':
ensure => file,
mode => '0755',
source => "puppet:///modules/${module_name}/packages",
recurse => true,
force => true,
source => "puppet:///modules/${module_name}/create_repo.sh",
replace => true,
}
file { $repo_file:
ensure => file,
@ -24,8 +28,8 @@ class nsxt::create_repo (
}
exec { 'Create repo':
path => '/usr/sbin:/usr/bin:/sbin:/bin',
command => "cd ${repo_dir} && dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz",
command => "/tmp/create_repo.sh ${repo_dir} ${component_archive}",
provider => 'shell',
require => File[$repo_dir],
require => File['/tmp/create_repo.sh'],
}
}

View File

@ -0,0 +1,6 @@
class nsxt::hiera_override (
$override_file_name,
) {
$override_file_path = "/etc/hiera/plugins/${override_file_name}.yaml"
hiera_overrides($override_file_path)
}

View File

@ -1,3 +1,36 @@
- id: nsx-t-hiera-override
version: 2.0.0
type: puppet
groups:
- primary-controller
- controller
- compute
required_for:
- netconfig
requires:
- globals
parameters:
puppet_manifest: puppet/manifests/hiera-override.pp
puppet_modules: puppet/modules
timeout: 120
- id: nsx-t-gem-install
version: 2.0.0
type: puppet
groups:
- primary-controller
- controller
- compute
required_for:
- nsx-t-reg-controller-on-management-plane
- nsx-t-reg-controller-as-transport-node
requires:
- setup_repositories
parameters:
puppet_manifest: puppet/manifests/gem-install.pp
puppet_modules: puppet/modules
timeout: 300
- id: nsx-t-create-repo
version: 2.0.0
type: puppet
@ -6,13 +39,34 @@
- controller
- compute
required_for:
- pre_deployment_end
- netconfig
requires:
- pre_deployment_start
- nsx-t-gem-install
parameters:
puppet_manifest: puppet/manifests/create-repo.pp
puppet_modules: puppet/modules
timeout: 120
timeout: 600
strategy:
type: one_by_one
- id: nsx-t-install-packages
version: 2.0.0
type: puppet
groups:
- primary-controller
- controller
- compute
required_for:
- openstack-network-start
- database
- primary-database
requires:
- netconfig
- nsx-t-create-repo
parameters:
puppet_manifest: puppet/manifests/install-nsx-packages.pp
puppet_modules: puppet/modules
timeout: 300
- id: nsx-t-install-plugin
version: 2.0.0
@ -21,9 +75,9 @@
- primary-controller
- controller
required_for:
- nsx-t-configure-plugin
- openstack-network-end
requires:
- openstack-network-common-config
- openstack-network-server-config
parameters:
puppet_manifest: puppet/manifests/install-nsx-plugin.pp
puppet_modules: puppet/modules
@ -36,10 +90,142 @@
- primary-controller
- controller
required_for:
- openstack-network-neutron-start
- openstack-network-end
requires:
- openstack-network-server-nova
- nsx-t-install-plugin
parameters:
puppet_manifest: puppet/manifests/configure-plugin.pp
puppet_modules: puppet/modules:/etc/puppet/modules
puppet_modules: puppet/modules
timeout: 60
- id: nsx-t-neutron-server-stop
version: 2.0.0
type: puppet
groups:
- primary-controller
- controller
required_for:
- openstack-network-end
requires:
- openstack-network-server-config
parameters:
puppet_manifest: puppet/manifests/neutron-server-stop.pp
puppet_modules: puppet/modules
timeout: 60
- id: nsx-t-primary-neutron-server-start
version: 2.0.0
type: puppet
groups:
- primary-controller
required_for:
- primary-openstack-network-agents-metadata
- primary-openstack-network-agents-dhcp
- openstack-network-networks
requires:
- nsx-t-configure-plugin
cross-depends:
- name: nsx-t-neutron-server-stop
parameters:
puppet_manifest: puppet/manifests/neutron-server-start.pp
puppet_modules: puppet/modules
timeout: 300
- id: nsx-t-reg-controller-on-management-plane
version: 2.0.0
type: puppet
groups:
- primary-controller
- controller
required_for:
- primary-openstack-network-agents-metadata
- primary-openstack-network-agents-dhcp
requires:
- nsx-t-install-packages
parameters:
puppet_manifest: puppet/manifests/reg-controller-on-management-plane.pp
puppet_modules: puppet/modules
timeout: 300
- id: nsx-t-reg-controller-as-transport-node
version: 2.0.0
type: puppet
groups:
- primary-controller
- controller
required_for:
- primary-openstack-network-agents-metadata
- primary-openstack-network-agents-dhcp
requires:
- nsx-t-reg-controller-on-management-plane
parameters:
puppet_manifest: puppet/manifests/reg-controller-as-transport-node.pp
puppet_modules: puppet/modules
timeout: 300
- id: nsx-t-neutron-server-start
version: 2.0.0
type: puppet
groups:
- controller
requires:
- nsx-t-neutron-server-stop
- nsx-t-configure-plugin
required_for:
- openstack-network-agents-metadata
- openstack-network-agents-dhcp
cross-depends:
- name: nsx-t-primary-neutron-server-start
parameters:
puppet_manifest: puppet/manifests/neutron-server-start.pp
puppet_modules: puppet/modules
timeout: 120
strategy:
type: one_by_one
- id: nsx-t-primary-configure-agents-dhcp
version: 2.0.0
type: puppet
groups:
- primary-controller
required_for:
- openstack-network-networks
requires:
- primary-openstack-network-agents-dhcp
cross-depends:
- name: nsx-t-configure-agents-dhcp
parameters:
puppet_manifest: puppet/manifests/configure-agents-dhcp.pp
puppet_modules: puppet/modules
timeout: 180
- id: nsx-t-configure-agents-dhcp
version: 2.0.0
type: puppet
groups:
- controller
required_for:
- openstack-network-end
requires:
- openstack-network-agents-dhcp
parameters:
puppet_manifest: puppet/manifests/configure-agents-dhcp.pp
puppet_modules: puppet/modules
timeout: 120
# skipped tasks
- id: openstack-network-networks
version: 2.0.0
type: skipped
- id: primary-openstack-network-plugins-l2
version: 2.0.0
type: skipped
- id: openstack-network-plugins-l2
version: 2.0.0
type: skipped
- id: primary-openstack-network-agents-l3
version: 2.0.0
type: skipped
- id: openstack-network-agents-l3
version: 2.0.0
type: skipped

View File

@ -1,6 +1,21 @@
attributes:
metadata:
group: network
insecure:
value: true
label: "Bypass NSX Manager certificate verification"
description: ''
weight: 1
type: 'checkbox'
ca_file:
value: ''
label: 'CA certificate file'
description: 'Specify a CA certificate file to use in NSX Manager certificate verification'
weight: 5
type: 'file'
restrictions:
- condition: "settings:nsx-t.insecure.value == true"
action: "hide"
nsx_api_managers:
value: ''
label: 'NSX Manager'
@ -62,3 +77,33 @@ attributes:
source: *uuid
error: 'Enter cluster UUID'
type: "text"
uplink_profile_uuid:
value: ''
label: 'Uplink profile ID'
weight: 45
regex:
source: *uuid
error: 'Enter uplink profile ID'
type: "text"
static_ip_pool_uuid:
value: ''
label: 'IP pool ID for STT VTEP'
weight: 50
regex:
source: *uuid
error: 'Enter IP pool ID'
type: "text"
transport_zone_uuid:
value: ''
label: 'Transport zone ID'
weight: 55
regex:
source: *uuid
error: 'Enter transport zone ID'
type: "text"
pnics_pairs:
value: 'enp0s1:uplink-1'
label: 'Colon separated pnics pairs, one per line'
min: 1
weight: 60
type: "textarea"

View File

@ -1,5 +1,29 @@
#!/bin/bash
# Add here any the actions which are required before plugin build
# like packages building, packages downloading from mirrors and so on.
# The script should return 0 if there were no errors.
set -eux
ROOT="$(dirname $(readlink -f $0))"
PLUGIN_MOD_DIR="$ROOT/deployment_scripts/puppet/modules/upstream"
MODULE_NAME='nsxt'
# Download upstream puppet modules that are not in fuel-library/
find "$ROOT/deployment_scripts/puppet/modules" -maxdepth 1 -mindepth 1 -type d ! -name $MODULE_NAME -prune -exec rm -fr {} \;
"$ROOT"/update_modules.sh -d "$PLUGIN_MOD_DIR"
# Remove .git directory
rm -fr $(find "${PLUGIN_MOD_DIR:?}" -name '.git' )
mv "$PLUGIN_MOD_DIR"/* "$(dirname $PLUGIN_MOD_DIR)"
# Download puppet modules that are in fuel-library/
TARBALL_VERSION='stable/mitaka'
REPO_PATH="https://github.com/openstack/fuel-library/tarball/${TARBALL_VERSION}"
#
wget -qO- "$REPO_PATH" | tar --wildcards -C "$PLUGIN_MOD_DIR" --strip-components=3 -zxvf - "openstack-fuel-library-*/deployment/puppet/"
mv "$PLUGIN_MOD_DIR"/osnailyfacter/lib/puppet/parser/functions/get_ssl_property.rb "$(dirname $PLUGIN_MOD_DIR)"/$MODULE_NAME/lib/puppet/parser/functions
# clean
rm -fr "$PLUGIN_MOD_DIR"

164
update_modules.sh Executable file
View File

@ -0,0 +1,164 @@
#!/bin/bash -e
###############################################################################
#
# Copyright 2015 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
###############################################################################
#
# update_modules.sh
#
# This script uses librarian-puppet-simple to populate the puppet folder with
# upstream puppet modules. By default, it assumes librarian-puppet-simple is
# already available to the environment or it will fail. You can provide command
# line options to have the script use bundler to install librarian-puppet-simple
# if neccessary.
#
# Parameters:
# -b - Use bundler to install librarian-puppet (optional)
# -r - Hard git reset of librarian managed modules back to specified version (optional)
# -p <puppet_version> - Puppet version to use with bundler (optional)
# -h <bundle_dir> - Folder to be used as the home directory for bundler (optional)
# -g <gem_home> - Folder to be used as the gem directory (optional)
# -u - Run librarian update (optional)
# -v - Verbose printing, turns on set -x (optional)
# -? - This usage information
#
# Variables:
# PUPPET_GEM_VERSION - the version of puppet to be pulled down by bundler
# Defaults to '3.4.3'
# BUNDLE_DIR - The folder to store the bundle gems in.
# Defaults to '/var/tmp/.bundle_home'
# GEM_HOME - The folder to store the gems in to not require root.
# Defaults to '/var/tmp/.gem_home'
#
# NOTE: These variables can be overriden via bash environment variable with the
# same name or via the command line paramters.
#
# Author: Alex Schultz <aschultz@mirantis.com>
#
###############################################################################
set -e
usage() {
cat <<EOF
Usage: $(basename $0) [-b] [-r] [-p <puppet_version>] [-h <bundle_dir>] [-g <gem_home>] [-u] [-?]
Options:
-b - Use bundler instead of assuming librarian-puppet is available
-r - Hard git reset of librarian managed modules back to specified version
-p <puppet_version> - Puppet version to use with bundler
-h <bundle_dir> - Folder to be used as the home directory for bundler
-g <gem_home> - Folder to be used as the gem directory
-u - Run librarian update
-v - Verbose printing of commands
-d - Patch where modules to install
-? - This usage information
EOF
exit 1
}
while getopts ":bp:g:h:vru:d:" opt; do
case $opt in
b)
USE_BUNDLER=true
BUNDLER_EXEC="bundle exec"
;;
p)
PUPPET_GEM_VERSION=$OPTARG
;;
h)
BUNDLE_DIR=$OPTARG
;;
g)
GEM_HOME=$OPTARG
;;
r)
RESET_HARD=true
;;
u)
UPDATE=true
;;
v)
VERBOSE='--verbose'
set -x
;;
d)
PLUGIN_MOD_DIR=$OPTARG
;;
\?)
usage
;;
:)
echo "Option -$OPTARG requires an argument." >&2
usage
;;
esac
done
shift "$((OPTIND-1))"
DEPLOYMENT_DIR=$(cd $(dirname $0) && pwd -P)
# Timeout in seconds for running puppet librarian
TIMEOUT=600
export PUPPET_GEM_VERSION=${PUPPET_GEM_VERSION:-'~>3.8'}
export BUNDLE_DIR=${BUNDLE_DIR:-'/var/tmp/.bundle_home'}
export GEM_HOME=${GEM_HOME:-'/var/tmp/.gem_home'}
# We need to be in the deployment directory to run librarian-puppet-simple
cd $DEPLOYMENT_DIR
if [ "$USE_BUNDLER" = true ]; then
# ensure bundler is installed
bundle --version
# update bundler modules
bundle update
fi
# if no timeout command, return true so we don't fail this script (LP#1510665)
TIMEOUT_CMD=$(type -P timeout || true)
if [ -n "$TIMEOUT_CMD" ]; then
TIMEOUT_CMD="$TIMEOUT_CMD $TIMEOUT"
fi
# Check to make sure if the folder already exists, it has a .git so we can
# use git on it. If the mod folder exists, but .git doesn't then remove the mod
# folder so it can be properly installed via librarian.
for MOD in $(grep "^mod" Puppetfile | tr -d '[:punct:]' | awk '{ print $2 }'); do
MOD_DIR="${PLUGIN_MOD_DIR}/${MOD}"
if [ -d $MOD_DIR ] && [ ! -d "${MOD_DIR}/.git" ];
then
rm -rf "${MOD_DIR}"
fi
done
# run librarian-puppet install to populate the modules if they do not already
# exist
$TIMEOUT_CMD $BUNDLER_EXEC librarian-puppet install $VERBOSE --path=${PLUGIN_MOD_DIR}
# run librarian-puppet update to ensure the modules are checked out to the
# correct version
if [ "$UPDATE" = true ]; then
$TIMEOUT_CMD $BUNDLER_EXEC librarian-puppet update $VERBOSE --path=${PLUGIN_MOD_DIR}
fi
# do a hard reset on the librarian managed modules LP#1489542
if [ "$RESET_HARD" = true ]; then
for MOD in $(grep "^mod " Puppetfile | tr -d '[:punct:]' | awk '{ print $2 }'); do
cd "${PLUGIN_MOD_DIR}/${MOD}"
git reset --hard
done
cd $DEPLOYMENT_DIR
fi